Data Protection

The Data Protection Act 1998 (DPA) makes provisions for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.


The DPA was passed in order to implement the European Directive on data protection and applies to all personal data which are held either electronically or in a manual filing system.

The University of the Highlands and Islands has educational and business requirements to maintain certain personal data about living individuals including employees, students and graduates and others in pursuit of its legitimate activities as a university. The University recognises that the correct and lawful treatment of personal data maintains confidence in the organisation and provides for successful operations and the University is committed to a policy of protecting the rights and freedoms of individuals with respect to the processing of their personal data. For this reason the University has adopted a robust Information Security and Data Protection policy that fully endorses and adheres to the eight principles of the DPA.